<?php
class Authorization
{
	/**
	 * 
	 * @param user
	 * @param route
	 */
	function isAuthorized($user, $route)
	{
		$result = $this->getAccess($route->getMapClass(), $route->getMapMethod(), $user->get_level());
		if($result != -1)
			return ((bool)$result);
		
		$result = $this->getAccess($route->getMapClass(), "*", $user->get_level());
		if($result != -1)
			return ((bool)$result);
		
		$result = $this->getAccess($route->getMapClass(), $route->getMapMethod());
		if($result != -1)
			return ((bool)$result);
		
		$result = $this->getAccess($route->getMapClass());
		if($result != -1)
			return ((bool)$result);
		
		$result = $this->getAccess("*", "*", $user->get_level());
		if($result != -1)
			return ((bool)$result);
		
		$result = $this->getAccess();
		if($result != -1)
			return ((bool)$result);
		
		return false;
	}
	
	private function getAccess($class = "*", $method = "*", $userType = "*")
	{
		$xml = XMLReader::open( ACCESS_CONTROLER_LIST );
		
		while($xml->read())
		{
			if($xml->name === 'class' &&
				$xml->nodeType == XMLReader::ELEMENT &&
				$xml->getAttribute("name") == $class)
			{
				$xml = XMLReader::XML($xml->readInnerXML());
				
				while($xml->read())
				{
					if($xml->name === 'method' &&
						$xml->nodeType == XMLReader::ELEMENT &&
						$xml->getAttribute("name") == $method)
					{
						$xml = XMLReader::XML($xml->readInnerXML());
						
						while($xml->read())
						{
							if($xml->name === 'user' &&
								$xml->nodeType == XMLReader::ELEMENT &&
								$xml->getAttribute("type") == $userType)
							{
								if($xml->getAttribute("access") == "yes")
								{
									return 1;
								}
								else
								{
									return 0;
								}
							}
						}
					}
				}
			}
		}
		
		return -1;
	}
}
?>